LDAP as directory service and bind dn

Hi, I don't want to bind with the manager user for a dt subtree, but when I create an ACL for an entry with all permissions for his ACL, I have permission problems creating groups and organizational units in administration proxy.
Can I only bind with a manager user?
How must I configure another user different from the manager (I deleted the ACL in LDAP that allows anonymous binds)?
thanks

You can bind with a user dn instead of a manager, however you will have to give the user enough rights to create and delete other users. The directory server manual should explain more on this.

Similar Messages

  • What is "Directory Service" and why does it "use up 194%" ?

    What is "Directory Service" and why does it "use up 194%" on my istat CPU app monitor?
    Ever since I installed Leopard I've noticed this happening more and more - especially when I install an external hard drive or unplug my ethernet line - this is plainly weird and never happened under Tiger - the temperature shoots up to 84° also - I always do a restart to get rid of it but it's kind of worrying.... anybody have any ideas?

    Had this happen myself.
    It does have something to do with Spotlight/searching. Should go away after a while, or so I have heard from other users, 'cause it hasn't stopped driving me and my fan mad yet.
    Am going to have my MacBook index and follow-up on indexing and whatever else it feels is necessary to finally allow me to search in peace over the weekend while locking it away where I can't hear it.
    Hopefully that does the trick.
    If it wasn't for things working better/faster and most things looking better I might actually consider taking Leopard off again ...

  • How can I synchronize directory service and bpm engine?

    hi,all
    I'm using bpm WL 10.3.1 with papi.
    Now I want to assign role to participant in process.
    I use DirHumanParticipant.setRolesAssignment() and DirHumanParticipant.update() to assign role dynamically.
    But it does not work.
    Actually, when I log in to the webconsole, the role has been assigned to the participant.
    But when I log in to the workspace, I cannot find the expected task in my work items.
    In the history view I can find it.
    Then I remove the role that I assigned previously and assign it again in the webconsole.
    After that I log in to the workspace, and now I can get the expected task in my work items.
    I think it needs to synchronize between the directory service and the BPM engine, but I don't know how to do it.
    Is there any way to do it with some api?
    thanks
    regards
    kenshin

    Hi!
    Here is how it works:
    1. The engine polls the directory periodically and checks if some changes were made to the participant role assignments.
    The poller frequency is configured on the Process Administrator.
    2. When a change is detected, the engine updates the information on the engine participant cache.
    However, if the participant is logged in, the update operation is postponed until the participant logs off.
    3. After checking the directory, the engine directory poller sends a notification to all the PAPI clients (including the Workspace)
    and the workspace side poller updates the participant assignment you see in the workspace.
    The notification mechanism is using the JMS Topic on the JEE version of the BPM.
    - First of all verify you are logged out when you add/remove the role.
    After that, wait 1 minute or the time specified in the Process Admin as the directory poller frequency.
    - Verify the JMS Topic is defined correctly. Check the engine log for any JMS Topic related error.
    Hope it helps.

  • (in what way) does 'partnerLinkType' replace 'service' and 'binding' ?

    I've been using Oracle SOA Suite with JDeveloper's graphical tools up until now. Now I would like to understand the source code generated. A central element is of course WSDL, used extensively in any SOA application.
    I noticed that the WSDL files generated by JDeveloper contain only the standard WSDL 'types', 'message' and 'portType' elements. In addition, it uses 'partnerLinkType'. However, 'service' and 'binding' seem never to be used.
    Can anyone help me understand why generated SOA Suite wsdl files don't include the 'service' and 'binding' elements and instead use the partnerLinkType tags? What is the relationship between the latter?
    Thanks for your help!

    PartnerLinkType tags are used within your component type wsdl.
    Service and Bindings can be found in endpoint wsdls and not in component(bpel) wsdl file. This is because every component(like BPEL) can/will interact through service/reference only.

  • Directory services and windows 2003

    Hello all, I am new to the world of Solaris. The trouble is that we have a Sunfire and I installed Directory Services 5.2, but Windows 2003 refuses to join the domain at all... The Sunfire box is in NAT and there's an entry in the NAT DNS server. The question is: is it really possible for a Windows box to join the Solaris DS, or can only other Solaris boxes do it?

    Dear Andreas:
    I have read that:
    Hello together,
    I think I've got a solution for my Real-Time-LDAP-Password-Check. T was right, there is a BSA package which does exactly this, but it is not available through the website or any download.
    For this you don't need an NTLM server running or a reverse proxy for user authentication. It simply checks over the LDAP port to your LDAP server and returns whether the login is granted through the LDAP password or not.
    Yesterday I spoke to a Breeze dev and he sent me these scripts. He said they will already be implemented in the next Breeze version but will also work with Breeze 6.
    If someone is interested in this solution, please send me a PM with your email address and I will send the zip file to you.
    Regards,
    Andreas
    We are a Spanish company specialized in developing PDF forms and other types of applications and also involved with Adobe, especially in Connect.
    I would appreciate it if you could send me the zip file to solve the LDAP question.
    My email is [email protected]
    Thanks in advance.
    Desirée

  • Directory Services and Windows Question

    If this question has been asked before or if it seems really simple I am sorry. I have a client that has a small windows work group of XP machines. They want to move to a client server infrastructure but are not interested in the headaches involved in Windows licenses and have asked me about OS X Server on a Mac Mini. My question is if I create the users in the Mac server directory services can they use those usernames and passwords to log into their machines essentially making the Mac Mini run as a "Domain Controller" role or would those usernames and password only be used to authenticate to resources hosted on the Mini?
    T

    Actually, the same problems that existed in ARD 2 still exist in ARD 3 and make it difficult to make this useful with ActiveDirectory (but are not problematic in OpenDirectory). That problem is that ARD looks for a group named "ard_admin" (and others for other purposes), and when you make a group in AD it always gets prepended with your domain name (ie: DOMAINNAME\ard_admin).
    The only way of handling this with ARD 2 was to create a local group named ard_admin and add the network users to it, or nest a group, but that only works with 10.4.3+. I asked this question to the project lead for ARD at Apple, and he dismissed this as a "OS issue"... not what I wanted to hear.
    There is a workaround for ARD 3 where you manually change the com.apple.remotedesktop preferences to include other groups, but this will only work if you do it manually for every computer unless you have OpenDirectory. The instructions for this are in the ARD 3 manual (page 62).

  • Weblogic's LDAP Compliant directory service ?

    Hi Guys,
    I want to use the LDAP security realm for my authentication module. Now, as per
    J2EE compliancy Weblogic's directory server is LDAP compliant. Can I use weblogic's
    directory server itself (instead of Netscape, Microsoft etc.) for my LDAP security
    realm ?
    If I can use it what are the pros or cons ?
    Any pointers is greatly appreciated.
    Thanx,
    Krish.
    Krishnan.Venkataraman
    Symphoni Interactive
    Technical Lead.
    [email protected]
    412 414 5385(mobile)
    412 446 2219(Work)
    1 800 439 7757 (# 2219) (Work)
    412 343 6549(Res)
    WEB:http://members.123india.com/krishnan

    WebLogic does not ship with a default LDAP implementation. You must install
    a 3rd party LDAP server.
    Neil Smithline
    WLS Security Architect
    BEA Systems

  • OSX Server for Directory Services and an Exchange Server

    I am about to purchase an Xserve. I only want to use this for authentication purposes (OpenLDAP, Kerberos, whatever).
    We are getting rid of Windows Small Business server, but want to keep using Exchange for our email (we will build a new server with Exchange, I am not going to try to keep Small Business).
    My network is half OSX clients, half Windows XP clients.
    My question is this:
    Is it possible to have all of my users in my Xserve and have Exchange get username/password information from an OSX server (our Xserver will be our primary controller)?
    Thanks,
    aaron
      Mac OS X (10.4.9)  

    Have you gotten anymore information regarding "MS Exchange Server"... A good portion of my office are on Macs, but they all use entourage, and I refuse.. and using webmail is a pain in the butt,
    have you found anyway to send mail externally from the network?

  • ALBPM Directory Service: Hybrid Configuration - MSAD Problems

    I've successfully configured the Directory Service of an ALBPM (Enterprise Standalone) v6.0.4 #94069 installation to use a MS Active Directory (MSAD) service for ALBPM organization information. I can view participant, group and organizational unit information using the Process Administrator. However, I've noted:
    - The MSAD is swamped with (successful) authentication requests from the ALBPM directory service, and I have had to stop the ALBPM 6.0 server to prevent disruption to our MSAD service.
    - Repeated warning messages in the ALBPM log about MSAD Contacts, listed in MSAD Groups, that cannot be found as ALBPM Participants. These messages do not appear for MSAD Users who are correctly shown as ALBPM Participants.
    - Repeated warning messages in the ALBPM log about MSAD Groups that cannot be found as ALBPM Groups where the MSAD Group definition is such that the MSAD sAMAccountName value for the group is different to the MSAD name or cn value.
    Is anyone else using MSAD in their ALBPM directory service configuration? Have you seen similar issues? I've tried reporting this via Oracle Support, however, my impression is that other users do not have such problems using MSAD with ALBPM or Oracle BPM.
    Thanks,
    Rob

    Hi Rob,
    Have a read of this http://download.oracle.com/docs/cd/E13154_01/bpm/docs65/admin_guide/index.html if you are using groups.
    I'm using Novell eDirectory instead of AD but am also seeing a large number of requests from BPM. However, I've not had time yet to investigate to what these relate.
    Thanks,
    Mike,

  • LDAP (Directory service) server and client compatible with windows 7

    Hello Experts,
    Earlier we were using Netscape Server 4.0 and Console in Windows XP for LDAP integration testing with BRM.
    Now that Windows XP is soon going to be decommissioned and the software is incompatible with Windows 7, I am looking for Directory service (both server and client) alternatives compatible with Windows 7.
    Has anyone tried setting up a Directory service (or LDAP) in the Windows 7 operating system?
    Any help is appreciated. Thank you

    Hello Mr Thio,
    The basic cause for this type of error message is generally a permission issue. If you are using a domain account, make sure it is added as local administrator on the local machine.
    RK on setup.exe and select run as administrator
    Make sure you copy the installables to a local drive and run setup from the machine; if you are running from CD directly, avoid it.
    Below MS link has documented this error please go through the link properly
    http://support.microsoft.com/kb/2799534
    Please mark this reply as the answer or vote as helpful, as appropriate, to make it useful for other readers

  • The directory service is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles.

    We are in the process of removing a child domain from the forest and are down to two DCs. These are both Server 2008r2 sp1 servers, one physical and virtual (PDC). When I try to remove a DC (not the PDC emulator) I get the following error:
    The operation failed because:
    Active Directory Domain Services could not transfer the remaining data in directory partition DC=DomainDnsZones,DC=mydomain,DC=local to
    Active Directory Domain Controller \\V-Svr03.mydomain.local.
    The directory service is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles."
    I have checked replication with repadmin /showrepl and all connections were successful. The dcdiag /test:kccEvent test on all servers passed.
    Most DCdiag tests are successful. The only failure is on NCSecDesc when running dcdiag /test:NCSecDesc
       Testing server: Default-First-Site\DC1-DEV-OFC
          Starting test: NCSecDesc
             Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
                Replicating Directory Changes In Filtered Set
             access rights for the naming context:
             DC=ForestDnsZones,DC=hookemup,DC=local
             ......................... DC1-DEV-OFC failed test NCSecDesc
    In researching this I find "If you do not plan to add an RODC to the forest, you can disregard this error."
    We have not successfully run ADprep /rodcPrep nor do we plan on having any Read-Only DCs, so I think we can ignore this error. We did try running ADprep /rodcPrep but got an LDAP error which I can duplicate if this is important.
    Schema and Naming FSMOs are on a DC higher in the forest. RID, PDC, and Infrastructure FSMOs for the child domain are on the Virtual server (PDC).
    Any guidance on where to go from here would be greatly appreciated as I have no more hair on my head to pull.

    Ok... I ran repadmin /showreps /v again and it shows no errors

  • RAID disappearing after binding to Directory Service

    We have an Xserve (late 2006) with Leopard Server. I built a RAID 1. After binding this server to a directory service, master running on a 10.7.5 server (Mac mini), the RAID is disappearing. If I click on the volume I get an error -1407.
    After unbinding the Xserve from DS and mounting the RAID with disk utility everything is fine again.
    Background:
    Want to use the RAID on the Xserve for homes and group directories of the users.
    Please help, I don't know what to do further....
    Thanks in advance
    Jens

    Had to unbind from AD. and just log on locally.

  • LDAP Services and Shared services not starting

    Our foundation services are based in a Win server
    We had a problem with the server and it required to be restarted, by now the front end Hyperion services such as Web Analysis are up but Shared services and LDAP services not. We tried to start them manually and even running the exec but it is not working.
    Any help?
    best

    Just to add a few words to John's suggestion, this problem usually occurs when an abnormal shutdown takes place on shared services server. The backend database engine is a compact db called Berkeley. Fortunately crashes generally affect logs rather than the data. In such cases like yours I simply copy db_recover.exe from below folder
    %Hyperion_Home%\SharedServices\9.3.1\openLDAP\bdb\bin
    to below folder
    D:\Hyperion\SharedServices\9.3.1\openLDAP\var\openldap-data
    and double click on db_recover.exe in this folder. It has fixed my problems so far. However, getting a directory backup of above directory doesn't hurt. So, do this at your own risk after minimizing your risk by taking a backup.
    Cheers,
    Alp

  • ADSI and Netscape Directory Services

    Who knows how to use ADSI to search a record in Netscape Directory
    Services by specifying email address?
    I can use LDAP://server/dc=abc,dc=com??sub?(mail=*.com) in Netscape
    Navigator to search and display the records in the browser, but when I
    use
    Set ojbCon = GetObject("LDAP://server/dc=abc,dc=com??sub?(mail=*.com)"),
    it complains that the path is invalid.

    That is exactly what I thought.
    So when people refer to SunONE Directory Server 5.1, that means iPlanet Directory Server 5.1, right?
    Because I'm looking at Solaris 9's specification and it mentioned that it bundled with SunONE Directory Server 5.1.
    Thanks for answering my question! :)

  • Certificates, Keychain and Directory Services

    Starting with 10.4.3 iChat now generates X.509 certificates for all .Mac chat addresses to allow encrypted chats.
    Those certificates can also be used to sign and encrypt all e-mails for your .Mac address in Mail.app. By default both sides need to send each other a signed e-mail so they get the other's certificate onto their keychains before they can exchange encrypted e-mails.
    But Keychain.app allows you to query .Mac for any subscriber's certificate so you get a copy of the public key without the need to exchange messages first. Just turn on
    [x] Search .Mac for Certificates
    in Keychain Access' Preferences. This works just fine, you can even look at all your friends with .Mac addresses in your Address Book to see which ones already have a working certificate.
    Now the second option in Keychain Access
    [x] Search Directory Services for Certificates
    makes me curious: How do I generate and store my own certificates for all my users in Directory Services? I haven't found any documentation on that so far and would really like to use this asap.
    When I can generate all X.509 certificates for my domain and store them in Directory Services this would make life a lot easier.
    So far we used some free CA authority but users tend to forget to renew their certs when the expiration warnings come in and sooner or later half of them can no longer sign or encrypt their e-mail. When I can do the renewal myself and distribute them this way this'll be a big improvement.
    Norbert

    Matthew -
    thanks for your reply. Unfortunately this AFP548 article explains a lot about rolling your own CA, but it does not give any hints how to store the certificate data on the directory.
    Marcel Bresink, author of several excellent books about Mac OS X (Server), gave me the hint that the following keys can be stored in an LDAP domain (information from "man DirectoryServiceAttributes"):
    UserCertificate
        Attribute containing the binary of the user's certificate. Usually found in user records. The certificate is data which identifies a user. This data is attested to by a known party, and can be independently verified by a third party.
    UserSMIMECertificate
        Attribute containing the binary of the user's SMIME certificate. Usually found in user records. The certificate is data which identifies a user. This data is attested to by a known party, and can be independently verified by a third party. SMIME certificates are often used for signed or encrypted emails.
    UserPKCS12Data
        Attribute containing binary data in PKCS #12 format. Usually found in user records. The value can contain keys, certificates, and other related information and is encrypted with a passphrase.
    Perhaps someone else has already managed to fill those keys so Keychain Access on connected clients can retrieve the Certificates.
    - Norbert
